loki_tool/loki_unlok.c - LeafOS-Devices/android_hardware_samsung - Gitiles

 /*
  * loki_unlok
  *
  * A utility to revert the changes made by loki_patch.
  *
  * by Dan Rosenberg (@djrbliss)
  *
  */

 #include <stdio.h>
 #include <fcntl.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include "loki.h"

 static unsigned char patch[] = PATCH;

 /* Find the original address of the ramdisk, which
  * was embedded in the shellcode. */
 int find_ramdisk_addr(void *img, int sz)
 {

 	int i, ramdisk = 0;

 	for (i = 0; i < sz - (sizeof(patch) - 9); i++) {
 		if (!memcmp((char *)img + i, patch, sizeof(patch)-9)) {
 			ramdisk = *(int *)(img + i + sizeof(patch) - 5);
 			break;
 		}
 	}

 	return ramdisk;
 }

 int loki_unlok(const char* in_image, const char* out_image)
 {
 	int ifd, ofd;
 	unsigned int orig_ramdisk_size, orig_kernel_size, orig_ramdisk_addr;
 	unsigned int page_kernel_size, page_ramdisk_size, page_size, page_mask, fake_size;
 	void *orig;
 	struct stat st;
 	struct boot_img_hdr *hdr;
 	struct loki_hdr *loki_hdr;

 	ifd = open(in_image, O_RDONLY);
 	if (ifd < 0) {
 		printf("[-] Failed to open %s for reading.\n", in_image);
 		return 1;
 	}

 	ofd = open(out_image, O_WRONLY|O_CREAT|O_TRUNC, 0644);
 	if (ofd < 0) {
 		printf("[-] Failed to open %s for writing.\n", out_image);
 		return 1;
 	}

 	/* Map the original boot/recovery image */
 	if (fstat(ifd, &st)) {
 		printf("[-] fstat() failed.\n");
 		return 1;
 	}

 	orig = mmap(0, (st.st_size + 0x2000 + 0xfff) & ~0xfff, PROT_READ|PROT_WRITE, MAP_PRIVATE, ifd, 0);
 	if (orig == MAP_FAILED) {
 		printf("[-] Failed to mmap input file.\n");
 		return 1;
 	}

 	hdr = orig;
 	loki_hdr = orig + 0x400;

 	if (memcmp(loki_hdr->magic, "LOKI", 4)) {
 		printf("[-] Input file is not a Loki image.\n");

 		/* Copy the entire file to the output transparently */
 		if (write(ofd, orig, st.st_size) != st.st_size) {
 			printf("[-] Failed to copy Loki image.\n");
 			return 1;
 		}

 		printf("[+] Copied Loki image to %s.\n", out_image);

 		return 0;
 	}

 	page_size = hdr->page_size;
 	page_mask = hdr->page_size - 1;

 	/* Infer the size of the fake block based on the newer ramdisk address */
 	if (hdr->ramdisk_addr > 0x88f00000 || hdr->ramdisk_addr < 0xfa00000)
 		fake_size = page_size;
 	else
 		fake_size = 0x200;

 	orig_ramdisk_addr = find_ramdisk_addr(orig, st.st_size);
 	if (orig_ramdisk_addr == 0) {
 		printf("[-] Failed to find original ramdisk address.\n");
 		return 1;
 	}

 	/* Restore the original header values */
 	hdr->ramdisk_addr = orig_ramdisk_addr;
 	hdr->kernel_size = orig_kernel_size = loki_hdr->orig_kernel_size;
 	hdr->ramdisk_size = orig_ramdisk_size = loki_hdr->orig_ramdisk_size;

 	/* Erase the loki header */
 	memset(loki_hdr, 0, sizeof(*loki_hdr));

 	/* Write the image header */
 	if (write(ofd, orig, page_size) != page_size) {
 		printf("[-] Failed to write header to output file.\n");
 		return 1;
 	}

 	page_kernel_size = (orig_kernel_size + page_mask) & ~page_mask;

 	/* Write the kernel */
 	if (write(ofd, orig + page_size, page_kernel_size) != page_kernel_size) {
 		printf("[-] Failed to write kernel to output file.\n");
 		return 1;
 	}

 	page_ramdisk_size = (orig_ramdisk_size + page_mask) & ~page_mask;

 	/* Write the ramdisk */
 	if (write(ofd, orig + page_size + page_kernel_size, page_ramdisk_size) != page_ramdisk_size) {
 		printf("[-] Failed to write ramdisk to output file.\n");
 		return 1;
 	}

 	/* Write the device tree if needed */
 	if (hdr->dt_size) {

 		printf("[+] Writing device tree.\n");

 		/* Skip an additional fake_size (page_size of 0x200) bytes */
 		if (write(ofd, orig + page_size + page_kernel_size + page_ramdisk_size + fake_size, hdr->dt_size) != hdr->dt_size) {
 			printf("[-] Failed to write device tree to output file.\n");
 			return 1;
 		}
 	}

 	close(ifd);
 	close(ofd);

 	printf("[+] Output file written to %s\n", out_image);

 	return 0;
 }
	/*
	* loki_unlok
	*
	* A utility to revert the changes made by loki_patch.
	*
	* by Dan Rosenberg (@djrbliss)
	*
	*/

	#include <stdio.h>
	#include <fcntl.h>
	#include <sys/mman.h>
	#include <sys/stat.h>
	#include <string.h>
	#include <stdlib.h>
	#include <unistd.h>
	#include "loki.h"

	static unsigned char patch[] = PATCH;

	/* Find the original address of the ramdisk, which
	* was embedded in the shellcode. */
	int find_ramdisk_addr(void *img, int sz)
	{

	int i, ramdisk = 0;

	for (i = 0; i < sz - (sizeof(patch) - 9); i++) {
	if (!memcmp((char *)img + i, patch, sizeof(patch)-9)) {
	ramdisk = (int )(img + i + sizeof(patch) - 5);
	break;
	}
	}

	return ramdisk;
	}

	int loki_unlok(const char* in_image, const char* out_image)
	{
	int ifd, ofd;
	unsigned int orig_ramdisk_size, orig_kernel_size, orig_ramdisk_addr;
	unsigned int page_kernel_size, page_ramdisk_size, page_size, page_mask, fake_size;
	void *orig;
	struct stat st;
	struct boot_img_hdr *hdr;
	struct loki_hdr *loki_hdr;

	ifd = open(in_image, O_RDONLY);
	if (ifd < 0) {
	printf("[-] Failed to open %s for reading.\n", in_image);
	return 1;
	}

	ofd = open(out_image, O_WRONLY\|O_CREAT\|O_TRUNC, 0644);
	if (ofd < 0) {
	printf("[-] Failed to open %s for writing.\n", out_image);
	return 1;
	}

	/* Map the original boot/recovery image */
	if (fstat(ifd, &st)) {
	printf("[-] fstat() failed.\n");
	return 1;
	}

	orig = mmap(0, (st.st_size + 0x2000 + 0xfff) & ~0xfff, PROT_READ\|PROT_WRITE, MAP_PRIVATE, ifd, 0);
	if (orig == MAP_FAILED) {
	printf("[-] Failed to mmap input file.\n");
	return 1;
	}

	hdr = orig;
	loki_hdr = orig + 0x400;

	if (memcmp(loki_hdr->magic, "LOKI", 4)) {
	printf("[-] Input file is not a Loki image.\n");

	/* Copy the entire file to the output transparently */
	if (write(ofd, orig, st.st_size) != st.st_size) {
	printf("[-] Failed to copy Loki image.\n");
	return 1;
	}

	printf("[+] Copied Loki image to %s.\n", out_image);

	return 0;
	}

	page_size = hdr->page_size;
	page_mask = hdr->page_size - 1;

	/* Infer the size of the fake block based on the newer ramdisk address */
	if (hdr->ramdisk_addr > 0x88f00000 \|\| hdr->ramdisk_addr < 0xfa00000)
	fake_size = page_size;
	else
	fake_size = 0x200;

	orig_ramdisk_addr = find_ramdisk_addr(orig, st.st_size);
	if (orig_ramdisk_addr == 0) {
	printf("[-] Failed to find original ramdisk address.\n");
	return 1;
	}

	/* Restore the original header values */
	hdr->ramdisk_addr = orig_ramdisk_addr;
	hdr->kernel_size = orig_kernel_size = loki_hdr->orig_kernel_size;
	hdr->ramdisk_size = orig_ramdisk_size = loki_hdr->orig_ramdisk_size;

	/* Erase the loki header */
	memset(loki_hdr, 0, sizeof(*loki_hdr));

	/* Write the image header */
	if (write(ofd, orig, page_size) != page_size) {
	printf("[-] Failed to write header to output file.\n");
	return 1;
	}

	page_kernel_size = (orig_kernel_size + page_mask) & ~page_mask;

	/* Write the kernel */
	if (write(ofd, orig + page_size, page_kernel_size) != page_kernel_size) {
	printf("[-] Failed to write kernel to output file.\n");
	return 1;
	}

	page_ramdisk_size = (orig_ramdisk_size + page_mask) & ~page_mask;

	/* Write the ramdisk */
	if (write(ofd, orig + page_size + page_kernel_size, page_ramdisk_size) != page_ramdisk_size) {
	printf("[-] Failed to write ramdisk to output file.\n");
	return 1;
	}

	/* Write the device tree if needed */
	if (hdr->dt_size) {

	printf("[+] Writing device tree.\n");

	/* Skip an additional fake_size (page_size of 0x200) bytes */
	if (write(ofd, orig + page_size + page_kernel_size + page_ramdisk_size + fake_size, hdr->dt_size) != hdr->dt_size) {
	printf("[-] Failed to write device tree to output file.\n");
	return 1;
	}
	}

	close(ifd);
	close(ofd);

	printf("[+] Output file written to %s\n", out_image);

	return 0;
	}